e12e 4 hours ago

> for static API keys, the backend injects the credential directly into the agent's runtime environment.

What prevents the agent from persisting or leaking the API key - or reading it from the environment?
mc-serious 4 hours ago

yes, atm there's nothing that keeps the agent from reading the key from the environment. If a static API key is injected into the agent’s env, the agent can in principle read it. The value of our threat model is better custody, short-lived creds where possible, and auditability, not “the process can’t see its own env.” You can make the hooks a lot stricter and check that the agent can basically never do anything with the credential, the agent is still inside the trust boundary in this case.